General

  • Target

    cd3f88a43b2764c4896ab8f879fb2c10

  • Size

    653KB

  • Sample

    240316-gb6hfaeh59

  • MD5

    cd3f88a43b2764c4896ab8f879fb2c10

  • SHA1

    bb85a6645a908be90ff4015e069904194cb282cf

  • SHA256

    0a7f5f666fb7a1cdda25353191ddaced97674f596af7230d58af2ee14ea14819

  • SHA512

    9f9987b804d0e8cff9c383651fd0b88d98ca21e3f318643b0afc9c05d352f66a9a7baa048644ab89e9bfee94e92e90fa433f3fb4b99e70d5c457eb9052bdd1f1

  • SSDEEP

    6144:LQBD8ozQzHR21FJLgGz0kUTVvSERat1Hin2n+jX/oKrcqIyfm/a7bB3+Xv:LQBD8DWsvS+ICn2n0AKgqIyfmE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    CRYPTO

  • C2

    212.86.102.139:32600

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks